Defiling Mac OS X - Ruxcon - Reverse Engineering Mac OS X - PUT ...
23.12.2014 Views
Share Embed Flag

Defiling Mac OS X - Ruxcon - Reverse Engineering Mac OS X - PUT ...

Defiling Mac OS X - Ruxcon - Reverse Engineering Mac OS X - PUT ...

Defiling Mac OS X - Ruxcon - Reverse Engineering Mac OS X - PUT ...

SHOW MORE
SHOW LESS
ePAPER READ
DOWNLOAD ePAPER
reverse.put.as

Create successful ePaper yourself

Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.

START NOW

TECHNIQUES<br />

SYSCALL HOOKS<br />

static struct sysent * find_sysent () {<br />

struct sysent *table;<br />

int *nsysent = (int *)find_kernel_symbol("_nsysent");<br />

table = (struct sysent *)(((uint64_t)nsysent) -<br />

((uint64_t)sizeof(struct sysent) * (uint64_t)*nsysent));<br />

}<br />

if (table[SYS_syscall].sy_narg == 0 &&<br />

table[SYS_exit].sy_narg == 1 &&<br />

table[SYS_fork].sy_narg == 0 &&<br />

table[SYS_read].sy_narg == 3 &&<br />

table[SYS_wait4].sy_narg == 4 &&<br />

table[SYS_ptrace].sy_narg == 4)<br />

{<br />

return table;<br />

} else {<br />

return NULL;<br />

}<br />

<strong>Defiling</strong> <strong>Mac</strong> <strong>OS</strong> X - <strong>Ruxcon</strong><br />

November, 2011

logo

products

Resources

Company

Terms of service
Privacy policy
Cookie policy
Cookie settings
Imprint
Change language
Made with love in Switzerland
© 2024 Yumpu.com all rights reserved

Hooray! Your file is uploaded and ready to be published.

Saved successfully!

Ooh no, something went wrong!